CVE-2024-4147 Overview
A critical insufficient granularity of access control vulnerability (CWE-1220) has been identified in lunary-ai/lunary version 1.2.13, allowing unauthorized users to delete prompts created by other organizations through ID manipulation. This Broken Access Control vulnerability enables attackers to bypass ownership validation and remove resources belonging to other users' projects or organizations.
Critical Impact
Attackers can delete prompts belonging to other organizations, causing data loss, service disruption, and information inconsistencies across the platform.
Affected Products
- lunary-ai/lunary version 1.2.13
- Potentially other versions prior to the security patch
Discovery Timeline
- 2026-02-02 - CVE-2024-4147 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2024-4147
Vulnerability Analysis
This vulnerability represents a classic Broken Access Control flaw where the application fails to properly validate resource ownership before performing destructive operations. The lunary-ai/lunary application implements permission checks to verify whether a user has the capability to delete prompt resources, but critically omits validation of whether the targeted prompt actually belongs to the user's organization or project.
The insufficient granularity of access control allows any authenticated user with prompt deletion permissions to manipulate resource identifiers (IDs) to target prompts outside their organizational boundary. This design flaw creates a horizontal privilege escalation scenario where users can affect resources belonging to peer organizations.
Root Cause
The root cause stems from incomplete authorization logic in the prompt deletion functionality. The application only verifies that a user possesses the generic permission to delete prompts, without implementing the necessary ownership check to confirm the prompt belongs to the requesting user's organization or project. This represents a missing authorization check at the object level, a common pattern in Insecure Direct Object Reference (IDOR) vulnerabilities.
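The missing object-level check, modelled as an added example (constructed here, not lunary's code): an in-memory prompt store with a vulnerable delete handler that checks only the generic permission, next to a fixed handler that scopes the lookup to the caller's organization. Store shape, user fields and the "prompts:delete" permission name are assumptions.

```javascript
// Constructed model of the flaw described above: an in-memory prompt store
// and two delete handlers. Not lunary's code; names and shapes are assumed.

// Sample data (constructed): two organizations, each owning one prompt.
function makeStore() {
  return new Map([
    ["p-1001", { id: "p-1001", orgId: "org-A", name: "support-reply" }],
    ["p-1002", { id: "p-1002", orgId: "org-B", name: "billing-summary" }],
  ]);
}

function hasPermission(user, action) {
  return user.permissions.includes(action);
}

// Vulnerable: checks only the generic "delete prompts" capability, then
// deletes whatever ID the caller supplied; the ownership check is missing.
function deletePromptVulnerable(store, user, promptId) {
  if (!hasPermission(user, "prompts:delete")) return { status: 403 };
  if (!store.has(promptId)) return { status: 404 };
  store.delete(promptId);
  return { status: 200 };
}

// Fixed: the lookup is scoped to the caller's organization, so a prompt owned
// by another org looks exactly like one that does not exist (no existence leak).
function deletePromptFixed(store, user, promptId) {
  if (!hasPermission(user, "prompts:delete")) return { status: 403 };
  const prompt = store.get(promptId);
  if (!prompt || prompt.orgId !== user.orgId) return { status: 404 };
  store.delete(promptId);
  return { status: 200 };
}

// Runs both handlers with an org-A user targeting org-B's prompt.
function demo() {
  const orgAUser = { id: "u-7", orgId: "org-A", permissions: ["prompts:delete"] };
  const s1 = makeStore();
  const vulnerable = deletePromptVulnerable(s1, orgAUser, "p-1002");
  const s2 = makeStore();
  const fixed = deletePromptFixed(s2, orgAUser, "p-1002");
  return {
    vulnerableStatus: vulnerable.status, // 200: cross-org deletion went through
    vulnerableStillExists: s1.has("p-1002"), // false
    fixedStatus: fixed.status, // 404: scoped lookup finds nothing to delete
    fixedStillExists: s2.has("p-1002"), // true
  };
}
```

In a SQL-backed service the fixed handler corresponds to adding the caller's organization (or project) ID as a predicate on the DELETE statement rather than deleting by primary key alone.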
Attack Vector
The attack vector for this vulnerability is network-based and requires no user interaction. An authenticated attacker can exploit this flaw by:
- Obtaining or enumerating prompt IDs belonging to other organizations
- Crafting a deletion request with the target prompt ID
- Submitting the request through the standard API endpoint
- Successfully deleting prompts outside their organizational scope
The exploitation does not require elevated privileges beyond basic authenticated access with prompt deletion capabilities. Attackers can systematically enumerate and delete prompts across the platform, causing widespread data loss and service disruption for legitimate users.
Detection Methods for CVE-2024-4147
Indicators of Compromise
- Unusual patterns of prompt deletion requests targeting sequential or enumerated IDs
- API audit logs showing deletion attempts for resources outside the authenticated user's organization
- User complaints about missing prompts that were not deleted by authorized personnel
- Spike in 404 or resource-not-found errors following deletion operations
Detection Strategies
- Implement audit logging for all prompt deletion operations including the requesting user's organization ID and the target prompt's organization ID
- Create alerts for deletion requests where the prompt's organization does not match the requester's organization
- Monitor for enumeration patterns in API requests targeting prompt resources
- Correlate deletion events with user session data to identify cross-boundary access attempts
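The first three detection strategies above, implemented as an added example over constructed audit-log lines (not lunary's logging format; the key=value layout, field names and path pattern are assumptions). It flags deletions whose requester organization differs from the target prompt's organization, and users whose targets form a run of consecutive prompt IDs.

```javascript
// Constructed detection logic for the indicators above. The audit-log format
// (one key=value line per request) is an assumption, not lunary's real format.
const SAMPLE_LOG = [
  "ts=2024-05-01T10:00:01Z method=DELETE path=/v1/prompts/p-1001 user=u-3 user_org=org-A target_org=org-A status=200",
  "ts=2024-05-01T10:00:05Z method=DELETE path=/v1/prompts/p-1002 user=u-7 user_org=org-A target_org=org-B status=200",
  "ts=2024-05-01T10:00:06Z method=DELETE path=/v1/prompts/p-1003 user=u-7 user_org=org-A target_org=org-B status=200",
  "ts=2024-05-01T10:00:07Z method=DELETE path=/v1/prompts/p-1004 user=u-7 user_org=org-A target_org=org-C status=200",
  "ts=2024-05-01T10:00:08Z method=DELETE path=/v1/prompts/p-1005 user=u-7 user_org=org-A target_org=org-A status=404",
  "ts=2024-05-01T10:02:00Z method=DELETE path=/v1/prompts/p-2200 user=u-9 user_org=org-B target_org=org-B status=200",
].join("\n");

// Parses one key=value line into an object; returns null unless it is a
// DELETE on a prompt path.
function parseLine(line) {
  const rec = {};
  for (const tok of line.trim().split(/\s+/)) {
    const i = tok.indexOf("=");
    if (i > 0) rec[tok.slice(0, i)] = tok.slice(i + 1);
  }
  const m = /^\/v1\/prompts\/p-(\d+)$/.exec(rec.path || "");
  if (rec.method !== "DELETE" || !m) return null;
  rec.promptNum = Number(m[1]);
  return rec;
}

// Flags (a) deletions where the requester's org differs from the target
// prompt's org and (b) users whose targets contain a run of >= minRun
// consecutive IDs, the enumeration pattern named in the text.
function analyzeDeletions(logText, minRun = 3) {
  const records = logText.split("\n").map(parseLine).filter(Boolean);
  const crossOrg = records
    .filter((r) => r.user_org !== r.target_org)
    .map((r) => ({ user: r.user, path: r.path, from: r.user_org, to: r.target_org }));
  const byUser = new Map();
  for (const r of records) {
    if (!byUser.has(r.user)) byUser.set(r.user, new Set());
    byUser.get(r.user).add(r.promptNum);
  }
  const enumerating = [];
  for (const [user, nums] of byUser) {
    const sorted = [...nums].sort((a, b) => a - b);
    let run = 1;
    for (let i = 1; i < sorted.length; i++) {
      run = sorted[i] === sorted[i - 1] + 1 ? run + 1 : 1;
      if (run >= minRun) { enumerating.push(user); break; }
    }
  }
  return { crossOrg, enumerating };
}
```

Note that the 404 on p-1005 is still counted toward the enumeration run: failed attempts are part of the pattern even though no resource was removed.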
Monitoring Recommendations
- Enable detailed API request logging for all destructive operations (DELETE methods)
- Implement real-time alerting on authorization boundary violations
- Establish baseline metrics for normal prompt deletion rates per organization and alert on anomalies
- Review access control audit logs regularly for signs of IDOR exploitation attempts
How to Mitigate CVE-2024-4147
Immediate Actions Required
- Update lunary-ai/lunary to the patched version containing commit 0755dde1afc2a74ec23b55eee03e4416916cf48f
- Audit existing prompt deletion logs to identify potential exploitation
- Review and verify the integrity of prompt data across all organizations
- Implement additional authorization checks at the application gateway level if immediate patching is not possible
Patch Information
A security fix has been committed to the lunary-ai/lunary repository. The patch is available in GitHub Commit 0755dde1afc2a74ec23b55eee03e4416916cf48f. Organizations should update to a version containing this commit. Additional details about this vulnerability can be found in the Huntr Bounty Listing.
Workarounds
- Implement a reverse proxy or API gateway rule to validate that deletion requests only target resources within the authenticated user's organization scope
- Temporarily restrict prompt deletion permissions to administrative users only until the patch can be applied
- Enable strict audit logging for all prompt operations to detect and respond to exploitation attempts
- Consider implementing rate limiting on deletion endpoints to slow potential enumeration attacks
# Example: Review recent prompt deletion activity for anomalies
# Check application logs for cross-organization deletion attempts
grep -E "DELETE.*prompt" /var/log/lunary/api.log | \
awk '{print $1, $2, $NF}' | \
sort | uniq -c | sort -rn | head -20
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

